SM Bureau
Privacy Policy

Privacy & Data Protection Policy

Last updated: March 10, 2026

Introduction

SM Bureau is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR) and French data protection laws.

This policy applies to all data collected through our website www.smbureau.fr, our gallery, and any interactions with SM Bureau.

1. Data Controller

The data controller responsible for processing your personal data is:

SM Bureau

SASU

84 boulevard du Montparnasse, 75014 Paris, France

SIREN: 931 403 927

Email: contact@smbureau.fr

Phone: +33 (0) 7 73 85 50 34

2. Personal Data We Collect

We collect different types of personal data depending on your interactions with us:

2.1 Identity Data

  • • First name and last name
  • • Title (Mr, Mrs, etc.)

2.2 Contact Data

  • • Email address
  • • Phone number
  • • Postal address (if applicable)

2.3 Technical Data

  • • IP address
  • • Browser type and version
  • • Device type (computer, mobile, tablet)
  • • Operating system
  • • Connection data (date, time)

2.4 Navigation Data

  • • Pages visited
  • • Time spent on pages
  • • Navigation path
  • • Referring website
  • • Products/services viewed

2.5 Communication Data

  • • Content of your messages via contact forms
  • • Inquiries about our services or products
  • • Appointment requests
  • • Newsletter subscription preferences

2.6 Transactional Data (if applicable)

  • • Purchase history
  • • Product preferences
  • • Payment information (processed securely by payment processors)

Important: We do not collect sensitive data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation, unless legally required or with your explicit consent.

3. Purposes and Legal Basis

We process your personal data for the following purposes and legal bases:

Purpose Legal Basis Retention Period
Managing contact requests and inquiries Legitimate interest (Article 6.1.f GDPR) 3 years from last contact
Processing and executing orders/services Contract execution (Article 6.1.b GDPR) 10 years (accounting obligations)
Sending newsletters and commercial communications Consent (Article 6.1.a GDPR) Until withdrawal of consent or 3 years of inactivity
Website analytics and improvement Consent (Article 6.1.a GDPR) 13 months (cookies)
Legal and regulatory compliance Legal obligation (Article 6.1.c GDPR) According to applicable regulations
Managing and responding to your rights requests Legal obligation (Article 6.1.c GDPR) 5 years
Fraud prevention and security Legitimate interest (Article 6.1.f GDPR) 1 year

4. Data Recipients

Your personal data may be shared with the following categories of recipients:

  • SM Bureau authorized personnel: Our employees and collaborators who need access to your data to perform their duties
  • Technical service providers: Website hosting, maintenance, email service providers, analytics tools
  • Payment processors: Secure payment services (if applicable)
  • Professional advisors: Lawyers, accountants, auditors
  • Competent authorities: Law enforcement, regulatory authorities, courts when legally required

All our service providers are contractually bound to comply with GDPR requirements and to protect your data. We do not sell, rent, or share your personal data with third parties for their marketing purposes.

5. International Data Transfers

Some of our service providers may be located outside the European Union. When we transfer your data outside the EU/EEA, we ensure that appropriate safeguards are in place, including:

  • Adequacy decisions: Transfers to countries deemed to provide an adequate level of protection by the European Commission
  • Standard Contractual Clauses (SCCs): Approved by the European Commission (Articles 45 and 46 GDPR)
  • Binding Corporate Rules: For transfers within multinational groups
  • Certification mechanisms: Such as Privacy Shield successor frameworks (where applicable)

You can request information about the specific safeguards in place for international transfers by contacting us at contact@smbureau.fr.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: HTTPS/SSL encryption for data transmission
  • Access control: Strict access restrictions based on need-to-know principle
  • Authentication: Strong password policies and multi-factor authentication
  • Regular backups: Secure and encrypted data backups
  • Security updates: Regular software and system updates
  • Staff training: Regular data protection training for all personnel
  • Incident response: Procedures for detecting and responding to data breaches

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the CNIL within 72 hours as required by Article 33 GDPR.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

7.1 Right of Access (Article 15 GDPR)

You have the right to obtain confirmation that your data is being processed and to access your personal data, along with information about the processing.

7.2 Right to Rectification (Article 16 GDPR)

You have the right to obtain the rectification of inaccurate or incomplete personal data concerning you.

7.3 Right to Erasure / "Right to be Forgotten" (Article 17 GDPR)

You have the right to obtain the erasure of your personal data under certain conditions (e.g., data no longer necessary, withdrawal of consent, objection to processing).

7.4 Right to Restriction of Processing (Article 18 GDPR)

You have the right to obtain restriction of processing in certain situations (e.g., pending verification of accuracy, pending resolution of objection).

7.5 Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

7.6 Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) if you believe that the processing of your personal data violates the GDPR.

7.9 Right to Define Post-Mortem Directives

You have the right to define directives concerning the retention, erasure, and communication of your personal data after your death.

How to Exercise Your Rights

To exercise any of these rights, please contact us:

  • By email: contact@smbureau.fr
  • By mail: SM Bureau, 84 boulevard du Montparnasse, 75014 Paris, France

Please include proof of identity (copy of ID card or passport) to protect your data from unauthorized access. We will respond to your request within one month of receipt. This period may be extended by two additional months in case of complexity or number of requests.

8. Cookies and Trackers

Our website uses cookies and similar tracking technologies. For detailed information about the cookies we use and how to manage your preferences, please consult our Cookie Policy.

9. Protection of Minors

Our services are not intended for individuals under the age of 18 (or 15 for certain services requiring parental consent under French law). We do not knowingly collect personal data from minors without parental consent.

If you are a parent or guardian and believe that your minor child has provided us with personal data without your consent, please contact us immediately at contact@smbureau.fr so we can delete such information.

10. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make significant changes, we will notify you by:

  • • Posting the updated policy on our website with a new "Last Updated" date
  • • Sending you an email notification (if we have your email address)
  • • Displaying a prominent notice on our website

We encourage you to review this Privacy Policy periodically. Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

SM Bureau

Data Protection Officer

84 boulevard du Montparnasse

75014 Paris, France

Email: contact@smbureau.fr

Phone: +33 (0) 7 73 85 50 34

French Data Protection Authority (CNIL)

If you are not satisfied with our response or believe that we are processing your personal data in a way that is not lawful, you have the right to lodge a complaint with the French Data Protection Authority:

CNIL

3 Place de Fontenoy

TSA 80715

75334 Paris Cedex 07, France

Website: www.cnil.fr

Phone: +33 (0)1 53 73 22 22

← Return to Homepage